TL;DR:

  • The FBI recovered Google Nest doorbell footage from "backend systems", even though the camera was disconnected and had no active subscription. Google says the data was in residual backend storage. Privacy advocates say you should be alarmed.
  • Senators Durbin and Lee are reviving the SAFE Act to require warrants before the government searches Americans' communications collected under FISA Section 702. The bill drops tomorrow. 67 days until the surveillance authority sunsets.
  • DHS is monitoring what you post on Reddit. A leaked intelligence bulletin shows agents tracked a user who called for a peaceful protest, and profiled their posts about sports and movies, too.
  • Ring's Super Bowl ad for "Search Party" drew bipartisan backlash: critics called it "propaganda for mass surveillance." The AI pet-tracking feature is on by default.
  • A hacktivist scraped 536,000 stalkerware customer records from Struktura, the Ukrainian company behind uMobix and Geofinder. Turns out spying tools aren't great at protecting their own users.

Your "Disconnected" Nest Camera Still Had the Tape. The FBI Got It.

The Nancy Guthrie disappearance case just became one of the most important privacy stories of the year, and not because of the kidnapping itself.

Guthrie, the 84-year-old mother of Today Show host Savannah Guthrie, vanished from her Tucson home on February 1. Investigators initially believed her Google Nest doorbell camera had been tampered with and disconnected. She had no active Nest subscription, meaning video should have been deleted within three to six hours under Google's free tier.

Then the FBI announced they'd recovered the footage anyway. FBI Director Kash Patel said engineers extracted "residual data located in backend systems." The footage showed a masked person with what appeared to be a holstered handgun on Guthrie's porch the night she disappeared.

Good for the investigation. Terrible for anyone who thought "no subscription" meant "no data."

Michelle Dahl, executive director of the Surveillance Technology Oversight Project, told reporters: "We should absolutely be alarmed over the privacy implications." Fortune noted the case "highlights mounting unease over how much control Nest-and-Ring-style devices give both tech companies and law enforcement over intimate footage from people's homes."

If data from a disconnected, subscription-free camera can be recovered days later from "backend systems," what exactly is Google storing, and for how long? The company's documentation says free-tier video isn't saved. The FBI's evidence says otherwise.

Sources: Fortune, NBC News, Tom's Guide, CNN

SAFE Act Returns: Senators Push Warrant Requirement for 702 Searches

The bipartisan FISA reform bill is back. Senators Dick Durbin (D-IL) and Mike Lee (R-UT) are reintroducing the Security and Freedom Enhancement Act tomorrow, and this time, with Section 702 set to expire on April 20, the clock is actually ticking.

The SAFE Act would require intelligence agencies to get a warrant or FISA Title I order before accessing the contents of Americans' communications swept up in Section 702 collection. The bill would also revisit a controversial 2024 provision that critics say expanded the government's surveillance reach by broadening the definition of "communications service providers."

The co-sponsor list reads like a bipartisan privacy wishlist: Senators Mazie Hirono, Steve Daines, Ron Wyden, Cynthia Lummis, Tammy Baldwin, Martin Heinrich, Elizabeth Warren, Ed Markey, and Bernie Sanders. On the House side, Representatives Jim Jordan and Rick Crawford (who chairs the Intelligence Committee) huddled with CIA Director John Ratcliffe, DNI Tulsi Gabbard, and Stephen Miller in the White House Situation Room on February 10 to discuss a renewal path.

That Situation Room meeting tells you how seriously the administration takes this. What it doesn't tell you is whether they'll back reforms. At a classified Senate hearing on February 9, intelligence officials refused to state whether the Trump administration wants renewal, prompting what CNN described as an eruption of frustration.

Last time, a House warrant amendment failed on a 212-212 tie. One vote. The domestic surveillance angle has gotten louder since: ICE's social media dragnets, DOGE's cross-agency data consolidation, giving reformers fresh ammunition. Full 702 breakdown here.

Sources: Nextgov/FCW, Senate Judiciary Committee, The Record, CNN

DHS Is Watching What You Post on Reddit

A leaked DHS intelligence bulletin from January 2026 confirms what privacy advocates have long warned about: the government is monitoring ordinary people's social media posts, not because they're threatening violence, but because they're criticizing federal agencies.

The bulletin, first reported by Ken Klippenstein and picked up by Boing Boing, details how DHS field agents flagged a Reddit user known as Budget-Chicken-2425. Their offense: posting a call for a peaceful protest in the Rio Grande Valley against ICE and Border Patrol.

The bulletin itself admitted there was "no specific reporting of planned violence targeting DHS personnel or facilities linked to this protest call." Didn't matter. They tracked the user anyway.

It gets worse. Agents didn't just flag the protest post. They built a behavioral profile, cataloguing the user's participation in forums about sports, films, and literature as part of what the bulletin described as "pattern, trend, and relationship analysis." You post about a protest, and suddenly your movie reviews are intelligence data.

This connects to a broader pattern. We've covered ICE's Zignal Labs contract for monitoring 8 billion social media posts, and the growing web of private contractors feeding social media intelligence to immigration enforcement. The Reddit bulletin shows this surveillance isn't targeting terrorists or cartels. It's targeting people exercising their First Amendment rights.

Sources: Boing Boing, Ken Klippenstein, IBTimes

Ring's Super Bowl Ad: Lost Dogs Meet Neighborhood Surveillance Grid

Ring's Super Bowl LX ad for its "Search Party" feature was the second-most-liked commercial of the night, according to Variety. It was also called "dystopian" and "propaganda for mass surveillance" by viewers across the political spectrum.

The feature, which Ring is making free for all users, uses AI-powered computer vision to scan doorbell cameras across entire neighborhoods when someone reports a lost pet. Upload a photo of your missing dog, and nearby Ring cameras start scanning for matches automatically.

Sounds heartwarming until you think about it for thirty seconds. Search Party is turned on by default. If you own a Ring camera, you're already part of the network unless you've opted out. Ring is giving $1 million to 4,000 animal shelters to promote the feature: a lot of cameras on a lot of sidewalks running AI recognition software, all for finding Fido.

The EFF responded: "No One, Including Our Furry Friends, Will Be Safer in Ring's Surveillance Nightmare." The same infrastructure scanning for lost pets today could scan for people tomorrow. Ring already has extensive law enforcement partnerships. Engadget published a guide on how to disable Search Party. We covered the full story.

Sources: GeekWire, Yahoo News, WRAL

536,000 Stalkerware Customers Exposed by Hacktivist

A hacktivist going by "wikkid" scraped 536,000 payment records from Struktura, the Ukrainian company behind stalkerware apps including uMobix, Geofinder, and Peekviewer. The irony is thick: people who paid to spy on others just had their own data exposed.

The scraped records include email addresses, which stalkerware brand customers paid for, payment amounts, card types, and last four digits of payment cards. The hacktivist told TechCrunch the data was obtained through a "trivial" bug in Struktura's website.

Stalkerware apps like uMobix let someone secretly monitor another person's phone: call records, text messages, photos, browsing history, and real-time GPS location. They're marketed for "parental monitoring" but widely used by abusive partners and stalkers. This is the latest in a string of stalkerware breaches. We covered the full breakdown.

Sources: TechCrunch, TechRadar

Breach Roundup: Harvard Gets ShinyHunted, AT&T's Zombie Data Returns

Harvard and UPenn: The ShinyHunters group published 2.2 million stolen records from Harvard University and the University of Pennsylvania on February 4 after both schools refused to pay ransom. The Harvard data includes email addresses, phone numbers, home addresses, donation details, and event attendance from the Alumni Affairs and Development department. The breach started with a voice phishing campaign targeting administrative staff. [TechCrunch]

AT&T "Zombie Breach": A dataset containing roughly 176 million AT&T customer records has been privately circulating since February 2. This isn't a new breach: it's the 2024 breach data, enriched. Criminal groups merged the original AT&T records with data from the 2024 Snowflake incident to create consolidated identity profiles. The result: up to 148 million Social Security numbers paired with names, addresses, and phone numbers in a single searchable package. Malwarebytes called it a "phishing superweapon." Old breaches don't expire; they get more dangerous. [Malwarebytes]

Quick Hits: Free Surveillance Pipeline, ICE Facial Recognition Ban

EFF exposes the "free" surveillance playbook: The Electronic Frontier Foundation published a major analysis of how vendors like Flock Safety, Fusus, and Ring offer police free cameras, ALPRs, and drones, bypassing city council votes. The real cost: taxpayer-funded subscriptions later, plus data pipelines to ICE that nobody approved. Denver is currently trialing free Flock and Skydio drones. No ballot initiative. No public debate. Just "free" cameras feeding federal databases.

ICE Out of My Face Act introduced: Senators Markey, Merkley, Wyden, and Representative Jayapal introduced a bill on February 5 to ban ICE and CBP from using facial recognition and require deletion of all biometric data collected. The EFF, ACLU, EPIC, and Fight for the Future endorsed it. Slim odds in this Congress, but it puts the fight on record. Read our full coverage. [Rep. Jayapal] [EFF]

What to Watch

  • SAFE Act introduction tomorrow: Durbin and Lee formally reintroduce the FISA 702 reform bill. Watch for the full text and committee reactions.
  • Google Nest data retention: Expect calls for congressional inquiry into what Google stores on "backend systems" and how long it keeps data from cameras without active subscriptions.
  • FISA 702 countdown: 67 days until the April 20 sunset. The White House Situation Room meeting suggests urgency. The classified hearing chaos suggests nobody has a plan.
  • Conduent credit monitoring: The March 31 deadline for credit monitoring enrollment is approaching. 25.9 million affected Americans need to act. Details here.
  • Ring Search Party opt-out: If you own a Ring camera, check whether Search Party is enabled. It's on by default.

References

  1. Fortune - Nancy Guthrie Case Google Nest Privacy Concerns
  2. NBC News - Google Nest Backend Data Recovery
  3. Tom's Guide - Nest Camera Privacy Implications
  4. CNN - Google Key Role in Guthrie Video Recovery
  5. Nextgov/FCW - Senators Revive FISA 702 Reform
  6. Senate Judiciary Committee - SAFE Act
  7. The Record - White House 702 Meeting
  8. CNN - FISA 702 Classified Hearing
  9. Boing Boing - DHS Stalking Reddit Users
  10. Ken Klippenstein - DHS Spying on Reddit
  11. IBTimes - DHS Reddit Surveillance
  12. GeekWire - Ring Search Party Explained
  13. Yahoo News - Ring Bipartisan Backlash
  14. TechCrunch - Stalkerware 536K Customer Breach
  15. TechRadar - Stalkerware Breach
  16. TechCrunch - Harvard UPenn ShinyHunters Breach
  17. Malwarebytes - AT&T Zombie Breach
  18. EFF - Free Surveillance Tech Costs
  19. Rep. Jayapal - ICE Out of My Face Act
  20. EFF - Yes to the ICE Out of My Face Act